Abstract - Storing sensitive data in an untrusted storage could lead to privacy violations, mainly the
disclosure of sensitive data by cloud service providers or external attackers. In this work, we address this
issue by introducing a secure and fine granular access control solution that enhances the privacy in semi-
trusted cloud storage. Our solution protects both the data and the access control policies' confidentiality from
privacy violations using proxy re-encryption and access control policies.
I. Introduction

Cloud computing provides several benefits to the user such as flexible, scalable on-demand services at
reduced cost [1]. Many organizations have realized that building their own infrastructure, software or
platform requires a large budget and skilled resources. Moreover, allocating such a budget or finding
the most suitable skilled resources is not an easy job. Cloud computing provides well monitored resources
(i.e. software, platform or infrastructure) according to the organization's demand, and they can be expanded
easily as requested. Such offerings have pleased many organizations to adopt cloud computing. Therefore,
cloud computing technologies are expanded and improved rapidly to accommodate most organizations'
requirements.

While there are many benefits to adopting cloud computing, there are also some challenges and risks facing
that adoption. One of the biggest challenges facing cloud computing is privacy. Sensitive data like
personal, financial and medical data stored, processed and shared in an untrusted cloud could lead to
privacy violations, mainly the disclosure of sensitive data by cloud service providers or external attackers [2].
Moreover, loss of control raises a serious privacy concern since the data owner is unaware of the location of
his/her data and of the operations applied to his/her data in the cloud. Also, unauthorized access to the stored
data due to the weakness of the access control mechanism represents a serious threat to data confidentiality [3,
4]. Numerous cloud service providers have privacy and security problems that need to be addressed [5, 6].
Moritz Borgmann et al. studied several cloud storage service providers, namely CloudMe, Wuala,
CrashPlan, Dropbox, Mozy, TeamDrive, and Ubuntu One. None of them is able to meet all the security
requirements sufficiently. Several vulnerabilities were found, to name a few: weak authentication, shared files
exposed through web search engines, data stored without encryption, or cloud-side encryption only, which does
not prevent the disclosure of the sensitive data by the cloud. Similarly, Amazon S3 provides only cloud-
side encryption of the stored data, which does not protect the data confidentiality from the cloud provider.

Many researchers have been discussing the privacy and security issues in the cloud [9, 10, 11, 12]. Tim Mather
et al. pointed out that one way to enhance privacy in the cloud is by using security principles which reduce the
risk of privacy violations such as unauthorized access or disclosure of sensitive data [13]. Several research
works suggested a range of guidelines, recommendations and techniques to enhance privacy in cloud
environment services at the early design stage [2, 14, 15]. Yun Shen et al. introduced a detailed review of recent
technologies used to enhance privacy, and indicated that security tools have a direct effect on
enabling privacy for the data [16].
Recently, many researchers have proposed solutions to address privacy in the cloud [17, 18, 19, 20]; those solutions
are usually based on data protection using cryptography and/or authorization. Solutions such as [21, 22, 23]
combine attribute-based encryption and proxy re-encryption to provide data confidentiality and fine-
grained access control in the cloud; however, they do not provide sufficient protection of the access control
policy, since it leaks information about the user and the encrypted data. Moreover, the data owner must re-
generate a key for a user whenever the user's access privileges change. In contrast, our solution
protects both the data and the access control policies from disclosure, and changing a user's access privileges
does not affect the user's key.



Some solutions such as [19] consider the cloud service providers as fully trusted and protect the
outsourced data from unauthorized users using the access control policy only; however, our solution
considers them as semi-trusted, and we protect the outsourced data from both the unauthorized users and
the cloud using cryptography and access control policy.

In this paper we address the privacy issue and propose a solution to achieve secure and fine granular access
control over the data stored in a semi-trusted cloud by using the powerful proxy re-encryption [24] and access
control policies. The main contributions of our work are: first, the solution we presented protects both the
data and the sensitive information in access control policies from privacy violations. Second, user revocation
does not involve any data re-encryption or key re-generation for unrevoked users. Third, changing a user's
access privileges does not affect his/her key.




The remainder of this paper is organized as follows: section II presents related work, section III discusses the
system model and design goals, section IV describes our solution in detail, sections V and VI introduce the
security analysis and discussion, and section VII concludes the paper.

II. Related Work

The research on data privacy in cloud computing is evolving over time. Various solutions have been
proposed for privacy preservation in the cloud environment; those solutions are usually based on concepts like
cryptography and authorization.

Siani Pearson et al. [17] have proposed an architecture of a privacy manager that has many features to provide
privacy, called obfuscation, preferences and personae. However, the solution is not suitable for all cloud
applications. Wassim Itani et al. [18] have presented PasS (Privacy as a Service) for data stored and processed in
the cloud. In this approach, providing the privacy of the data in the cloud depends on the use of a
secure cryptographic co-processor and a set of privacy enforcement mechanisms which offer a trusted
environment in the cloud. Nevertheless, the co-processor is an expensive hardware which makes this
solution not practical. Sascha Fahl et al. [5] have introduced confidentiality as a service (CaaS) where the
data is protected by two communication layers of encryption. This service can be integrated with other
cloud services to provide confidentiality to the outsourced data; the CaaS is responsible for protecting the
data while the cloud provider is responsible for storing the data and enforcing the access control
mechanism. Chadwick David [19] has built a privacy preserving authorisation system for the cloud on the
assumption that the cloud can be trusted and cryptography is not necessary to protect the data from
the cloud. The system consists of several components to enforce the privacy policies of the data owner, the data
user and the law. Further, the system is able to resolve the conflicts between the policies written by
different authorities in different languages, and is capable of performing obligations before and after the access to
the outsourced data. Kamara S. et al. [20] have introduced three architectures for a cryptographic storage
service in the cloud. They are composed of three basic components: a data processor which encrypts the data
before outsourcing them, a data verifier that checks the integrity of stored data, and a token generator that is
responsible for creating credentials for data sharing and tokens for data searching. However, the
communication between the data owner and the users will be a bottleneck when the number of search
requests increases.
Existing solutions such as [21, 22, 23] provide secure and fine-grained data access control in the cloud
based on several cryptographic techniques to protect the outsourced data, including attribute-based
encryption and proxy re-encryption. In contrast with those approaches, our solution provides protection
to both the data and the sensitive data in access control policies.

Yu et al. [21] have proposed an authorization method for data sharing in the cloud environment to prevent
unauthorized access to sensitive data using two types of encryption techniques. The first is key-policy
attribute-based encryption, which combines an access control policy with encryption: each data file is
associated with a set of attributes and each data user has an access privilege embedded in his/her secret
key. This access privilege is a logical expression over a certain set of attributes that defines the data files
the user is allowed to access. Only the authorized users who satisfy the set of attributes associated with
the encrypted data file can decrypt it. The second is proxy re-encryption, which enables cloud servers to perform
re-encryption when they receive instructions from the data owner without knowing the original data. The
first encryption is used for fine-grained access control and the second is used to prevent a user whose
permissions are revoked from accessing the data in the future.

Similarly, Qin L. et al. [23] have proposed a time-based method called TimePRE, also depending on
attribute-based encryption and proxy re-encryption; however, they introduced a new feature that enables
user revocation automatically. Every user has a predetermined access time to the stored data, and when it
expires the cloud servers automatically re-encrypt the data without instructions from the data
owner. Nevertheless, it is not suitable for environments where the data owner revokes a user at any time.
Moreover, it has a limitation in the length of the predetermined access time: it assigns one key to the user with the
same period of access time for all his attributes, or multiple keys to represent different lengths of access
periods for different attributes.

III. System Model and Design Goals

In this section, the system model and the design goals with our assumptions are introduced.

A. System Model



In our model there are three parties: the cloud service provider, the data owner and the data users. The cloud in the
system model is responsible for storing the data, authorizing the users based on the stored policies and re-
encrypting the requested data (see section III for more information). We assume that the cloud is a
semi-trusted party, honest in doing the required activity, i.e. authorizing and re-encrypting, but curious to know
the stored data; thus both the data and the policies are hidden from the cloud. The data owner is
responsible for encrypting the data before outsourcing it to the cloud, determining the policies and
constraints for each data item and encrypting them before outsourcing them to the cloud, and generating the keys
(public/private) for the users and the re-encryption keys for the cloud. When a user requests a file, his/her
request is encrypted at the user side before being sent to the cloud. The cloud validates the request according to the stored
policies, then executes the re-encryption on the encrypted data using the re-encryption key dedicated
to that user and sends it to the user. At the user's side, he/she decrypts the file using his/her private key.

B. Design Goals

The design goals of our solution are the following:

1. Protect the confidentiality of the stored data so that neither unauthorized users nor the cloud server can
decrypt them.

2. Protect the confidentiality and privacy of sensitive information in the policies from the cloud.

3. Provide fine granular access control using the access control policies.
IV. Our Solution in Details



A. Preliminaries 



The basic idea behind our solution is using proxy re-encryption [24] with access control policies. Proxy
re-encryption simply converts a ciphertext under the public key of user A into a ciphertext under the public key of
user B without disclosing the plaintext. The policy is in the following format: policy (S, O, P, C). We
denote S, O, P, and C as subject, object, permission type and constraints respectively. The subject could be a
user, a role in Role-based Access Control (RBAC) or even attributes in Attribute-based Access Control
(ABAC) depending on the environment requirements. The permission type could be read, write, or delete.
The constraints are the access time, location or any other privacy constraints.



B. Solution Description 



In our work there are two main procedures: data owner initialization and user accessing the data, and each
of them consists of a number of functions, some of which are proxy re-encryption functions. Next, the
function definitions and the working procedures of our solution are introduced. A summary of notations is
shown in Table 1.



1) Functions Definitions:

The proxy re-encryption is used to hide the data from the cloud. It consists of the following functions:

PRE-KeyGen(par, u) -> (PKu, SKu): this function is responsible for generating the key pair for the
authorized users; it takes a global parameter par and the user id u and outputs the user key pair
(public key PKu and private key SKu).
PRE-ReKeyGen(SKo, PKu) -> RKou: it takes the data owner private key SKo and the user public key PKu
and generates the re-encryption key RKou.
PRE-Enc(data, PKo) -> C: it encrypts the data using the data owner public key PKo to output the cipher C.
PRE-ReEnc(C, RKou) -> C': it re-encrypts the cipher C into another cipher C' using the re-encryption key
RKou.
PRE-Dec(C', SKu) -> data: it decrypts the cipher C' using the user private key SKu.

The following functions are used to hide sensitive information from the cloud:

Pol-Enc(S, O) -> (S', O'): it takes the subject S and the object O, combines them with a salt, hashes
them and then encrypts them using the data owner public key PKo.
Match((S', O'), policies store) -> R: it searches for the two encrypted units in the policies store and
returns the result of the matching R.


Table 1: Summary of notations

Notation   Description
PKo        Data owner public key
SKo        Data owner private key
PKu        User public key
SKu        User private key
RKou       User re-encryption key
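To make the five PRE functions above concrete, the following Python is added here as an illustration; it is not the paper's implementation nor the scheme of [24]. It runs the owner initialization and user access flow with a BBS98-style proxy re-encryption (ElGamal in a prime-order subgroup). Two substitutions are this example's own: the re-encryption key is computed from SKo and SKu (in this system model the owner generates the user key pairs, so it knows SKu) rather than from SKo and PKu as in the paper's PRE-ReKeyGen, and the group is a 64-bit toy safe prime found at start-up. The function names, the "secret!" sample message and the key sizes are assumptions made for the example.

```python
"""BBS98-style proxy re-encryption (ElGamal in a prime-order subgroup).

Added illustration of PRE-KeyGen / PRE-ReKeyGen / PRE-Enc / PRE-ReEnc / PRE-Dec;
not the paper's implementation of [24].  Toy parameters: a 64-bit safe prime.
"""
import secrets

# Deterministic Miller-Rabin bases: exact for every n below 3.3e24, which covers the toy modulus.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_from(start: int) -> int:
    """First safe prime p = 2q + 1 with prime q >= start (deterministic, so the demo repeats)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = safe_prime_from(1 << 63)   # toy 64-bit modulus: far too small for a real deployment
Q = (P - 1) // 2               # prime order of the subgroup the scheme works in
G = 4                          # 4 = 2^2 is a quadratic residue, so it has order Q


def pre_keygen():
    """PRE-KeyGen: returns (PK, SK) with PK = g^SK mod p."""
    sk = 1 + secrets.randbelow(Q - 1)
    return pow(G, sk, P), sk


def pre_rekeygen(sk_o: int, sk_u: int) -> int:
    """PRE-ReKeyGen, BBS98 form: RKou = SKu / SKo (mod q).  The owner knows SKu because
    it generated the user's pair; the paper's [24] derives RKou from SKo and PKu instead."""
    return sk_u * pow(sk_o, -1, Q) % Q


def pre_enc(msg: bytes, pk: int):
    """PRE-Enc: C = (m * g^r, pk^r).  msg is carried as an integer, so it must fit below p
    (at most 7 bytes here) and must not start with a zero byte."""
    m = int.from_bytes(msg, "big")
    if not 0 < m < P or msg[:1] == b"\x00":
        raise ValueError("message must encode to an integer in (0, p) with no leading zero byte")
    r = 1 + secrets.randbelow(Q - 1)
    return (m * pow(G, r, P)) % P, pow(pk, r, P)


def pre_reenc(cipher, rk: int):
    """PRE-ReEnc: the cloud raises the key-bound half to RKou: (g^{a r})^{b/a} = g^{b r}.
    The blinding factor g^r is never exposed, so the cloud learns nothing about m."""
    c1, c2 = cipher
    return c1, pow(c2, rk, P)


def pre_dec(cipher, sk: int) -> bytes:
    """PRE-Dec: recover g^r = (g^{sk r})^{1/sk}, then m = c1 / g^r."""
    c1, c2 = cipher
    g_r = pow(c2, pow(sk, -1, Q), P)
    m = c1 * pow(g_r, -1, P) % P
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def owner_init_and_user_access(data: bytes = b"secret!"):
    """Runs the two procedures of the paper and returns (user's result, revoked user's result)."""
    pk_o, sk_o = pre_keygen()            # data owner's pair
    pk_u, sk_u = pre_keygen()            # owner generates the user's pair (PRE-KeyGen)
    rk_ou = pre_rekeygen(sk_o, sk_u)     # goes to the cloud in the re-encryption keys list
    c = pre_enc(data, pk_o)              # owner outsources C under PKo
    c_u = pre_reenc(c, rk_ou)            # cloud converts C -> C' for this user
    recovered = pre_dec(c_u, sk_u)       # user decrypts C' with SKu
    # A revoked user keeps SKu, but the cloud no longer re-encrypts for them; applying SKu
    # to the owner-ciphertext directly yields garbage, not the data.
    without_reenc = pre_dec(c, sk_u)
    return recovered, without_reenc
```

Two caveats follow from the substitution. A BBS98 re-key is bidirectional: RKou also turns the user's ciphertexts into the owner's, and a cloud that colludes with the user can compute SKo = SKu / RKou, so the "semi-trusted, non-colluding" assumption is load-bearing; the unidirectional, pairing-based scheme the paper cites as [24] avoids this. And revocation by deleting RKou, as in section C, only protects the data if the cloud actually deletes the key, which the data owner cannot verify from outside.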



2) Working Procedures:

The main working procedures are: data owner initialization and user accessing the data.

a) Data Owner Initialization:



In this process the data owner generates the keys (public/private) for the users using the PRE-KeyGen function,
then distributes them to the users. Moreover, he/she generates a re-encryption key for each user using the PRE-
ReKeyGen function; this key enables the cloud to convert the data encrypted under the data owner public
key into data encrypted under the user public key without knowing the data. Moreover, the data
owner determines the policies for each data file and encrypts the sensitive part of them using the Pol-Enc
function. In addition, he/she encrypts the data using his/her public key in the PRE-Enc function. Finally, the
owner outsources the policies, the encrypted data and the re-encryption keys list to the cloud. Steps 1 to
4 in Figure 1 illustrate this process.

Figure 1: privacy preserving model for cloud environment.

b) User Access:

In this process, the user requests access to specific data. The request is encrypted at the user side using the
Pol-Enc function (step 5 in Fig. 1). When the cloud receives the encrypted request, it searches for the request in
the policy store to validate the authorization using the Match function (step 6 in Fig. 1). If the user has
permissions to the requested data, the cloud performs the next process, which is the data re-encryption. It
re-encrypts the requested data using the re-encryption key belonging to the user in the PRE-ReEnc function and
sends them to the user. At the user side, the user decrypts the data using his/her private key in the PRE-Dec
function.

If the user is not authorized to access the data because no match is found, the cloud denies the access
and informs the user (see Fig. 1).



C. User Revocation and Permissions Changing

The user revocation process is an expensive process; usually it requires the data owner re-encrypting the data
with a new key and re-distributing that key to authorized users. This imposes heavy computation overhead
on the data owner because it involves data re-encryption and key re-distribution to authorized users. Some
solutions delegate this heavy workload from the data owner to the cloud [21]. In our solution, user revocation
does not involve any data re-encryption or key re-generation for unrevoked users. The cloud only removes
the revoked user's re-encryption key from the re-encryption keys list without involving any additional change
to other users' keys or the stored data. Thus, the revoked user cannot access the data without this key.
In regard to changing a user's access privileges, solutions that combine attribute-based encryption and
proxy re-encryption [21, 22, 23] generate a new key for a user whose permissions are changed. In our solution,
changing a user's access privileges does not affect his/her key. Simply, the data owner changes the policy
related to the user.
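The user access procedure (b) and the revocation and privilege-change procedures of this section, as an added example in Python that is not the paper's code: a cloud-side policy store holding blinded (S', O') pairs next to cleartext permission and constraints, the Match step with a time-window constraint, revocation by dropping RKou, and a privilege change that rewrites policy rows without touching any key. The Pol-Enc stand-in is an assumption: a keyed hash (HMAC-SHA256 under an owner-chosen key that plays the role of the paper's salt and is shared with authorized users) replaces the paper's salt + hash + encrypt-under-PKo step, because Match compares the stored and requested values for equality and therefore needs a deterministic transformation. Names, file paths, dates and the RKou label are constructed for the example.

```python
"""Policy store with blinded subject/object and cleartext permission/constraints.

Added illustration of Pol-Enc, Match, revocation and privilege change; not the
paper's code.  HMAC-SHA256 stands in for the paper's salt + hash + Enc_PKo step.
"""
import hashlib
import hmac
from datetime import datetime, timezone


def pol_enc(blinding_key: bytes, subject: str, obj: str):
    """Pol-Enc(S, O) -> (S', O').  blinding_key plays the role of the owner's salt
    (assumed shared with authorized users, who blind their own requests)."""
    def blind(label: bytes, value: str) -> str:
        return hmac.new(blinding_key, label + value.encode(), hashlib.sha256).hexdigest()
    return blind(b"S|", subject), blind(b"O|", obj)


class CloudPolicyStore:
    """Everything the semi-trusted cloud holds: rows (S', O', P, C) and the RKou list."""

    def __init__(self):
        self.policies = []   # (S', O', permission, constraints); P and C are in clear
        self.rekeys = {}     # user id -> RKou (kept opaque in this example)

    def add_policy(self, s_enc, o_enc, permission, constraints):
        self.policies.append((s_enc, o_enc, permission, constraints))

    def replace_policies(self, s_enc, o_enc, new_rows):
        """Privilege change: the owner rewrites the rows for one (S', O'); no key is touched."""
        self.policies = [r for r in self.policies if not (r[0] == s_enc and r[1] == o_enc)]
        for permission, constraints in new_rows:
            self.add_policy(s_enc, o_enc, permission, constraints)

    def match(self, s_enc, o_enc, permission, now):
        """Match((S', O'), store) -> R: some row equals the blinded request and its
        cleartext permission and time-window constraint (C) hold at `now`."""
        for s, o, p, c in self.policies:
            if not (hmac.compare_digest(s, s_enc) and hmac.compare_digest(o, o_enc)):
                continue
            if p != permission:
                continue
            start, end = c.get("valid_from"), c.get("valid_until")
            if (start is None or now >= start) and (end is None or now <= end):
                return True
        return False

    def access(self, user_id, s_enc, o_enc, permission, now):
        """Steps 5-6: validate with Match, then re-encrypt only if an RKou still exists."""
        if not self.match(s_enc, o_enc, permission, now):
            return (False, "no matching policy")
        if user_id not in self.rekeys:
            return (False, "revoked: no re-encryption key")
        return (True, f"re-encrypt with {self.rekeys[user_id]}")

    def leaks_plaintext(self, *words):
        """Cloud-side view check: does any word appear in the stored S'/O' columns?"""
        return any(w in row[0] or w in row[1] for row in self.policies for w in words)


def scenario():
    key = b"constructed-owner-salt"                 # constructed; never sent to the cloud
    cloud = CloudPolicyStore()
    t = lambda year: datetime(year, 1, 1, tzinfo=timezone.utc)
    s_alice, o_q3 = pol_enc(key, "alice", "/finance/q3.xlsx")
    cloud.add_policy(s_alice, o_q3, "read", {"valid_until": t(2030)})
    cloud.rekeys["alice"] = "RK_owner_to_alice"     # from the owner's re-encryption keys list
    out = {}
    out["alice_read"] = cloud.access("alice", s_alice, o_q3, "read", t(2026))
    out["alice_write"] = cloud.access("alice", s_alice, o_q3, "write", t(2026))
    out["alice_read_expired"] = cloud.access("alice", s_alice, o_q3, "read", t(2031))
    s_bob, _ = pol_enc(key, "bob", "/finance/q3.xlsx")
    out["bob_read"] = cloud.access("bob", s_bob, o_q3, "read", t(2026))
    # Privilege change: the owner swaps alice's row for write-only; her key pair is untouched.
    cloud.replace_policies(s_alice, o_q3, [("write", {})])
    out["alice_read_after_change"] = cloud.access("alice", s_alice, o_q3, "read", t(2026))
    out["alice_write_after_change"] = cloud.access("alice", s_alice, o_q3, "write", t(2026))
    # Revocation: the cloud only drops RKou; no data re-encryption, no other key changes.
    del cloud.rekeys["alice"]
    out["alice_after_revocation"] = cloud.access("alice", s_alice, o_q3, "write", t(2026))
    out["cloud_sees_names"] = cloud.leaks_plaintext("alice", "bob", "finance")
    return out
```

The store never contains "alice" or "/finance", which is the confidentiality property of design goal 2, but a deterministic blinding is exactly what makes Match work, so the cloud can still see which rows share a subject or an object and how often each blinded pair is requested. That equality and frequency leakage is inherent to any matchable Pol-Enc, including the paper's salted variant, and is worth stating in a threat model.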



V. Preliminary Security Analysis 



Against the cloud: our solution protects the confidentiality of the data against the cloud provider by
encrypting them using the public key of the data owner; thus the cloud cannot know the encrypted data.
Moreover, our solution protects the privacy of the policies: the sensitive parts of the policies (i.e. subject and
object) are hidden from the cloud using encryption.

Against unauthorized access: unauthorized users will not pass the authorization validation.
Moreover, if an unauthorized user somehow accesses the data, he/she would not be able to decrypt it,
since the stored data is encrypted under the data owner public key and only the owner is able to decrypt it,
and an unauthorized user does not have the re-encryption key to transform the encrypted data into data
encrypted under his/her key.

VI. Discussion

There are three assumptions in this work. First, we assume that a robust authentication stage is done prior to
our authorization stage, and that it authenticates the user and initializes shared session encryption keys to
encrypt all ongoing communication afterwards, thus assuring a secure channel for all later messages.

Second, although the process of re-encrypting every file on the cloud is a power-consuming process,
we are dealing with cloud computing, which can handle such overhead much better than local
resource-limited computing.

Third, we encrypted the subject and object only in our policy model, leaving the permission and
constraints in clear text, because we believe that revealing the subject or object to the cloud could
jeopardize the privacy of users, such as the possibility for the cloud to know the most critical file by
knowing the files that grant only the CEO or other important users access. It is not possible to encrypt the
permission (i.e. read or write) or constraints (time or location) because the cloud needs to read the policy to
process the right.

VII. Conclusion

In this paper, we presented a solution to enhance data privacy in the cloud environment. Our work is
based on using proxy re-encryption and access control policies. The main advantages of our work are
protecting the confidentiality of data and policy, and facilitating the processes of user revocation and
privilege changing compared to existing solutions. Our ongoing work addresses expanding authorization
to accommodate other aspects of security and privacy and to support more complex policies. Moreover, we
will try to solve authorization conflicts and inconsistencies.